Special for HIMSS: Implementing Healthcare Cyber-Hygiene with the Critical Security Controls

Our most pressing cyber security challenges can be addressed with a prioritized list of cyber hygiene best practices. Cyber hygiene consists of practical items like knowing what is connected to your network, regularly updating applications, workstations, medical equipment, as well as implementing key technical security settings to protect the security and privacy of information.

This one-day workshop will introduce you to the Critical Security Controls, which are rapidly becoming accepted as the most recognized action plan of what must be done to secure your organization. The Critical Security Controls were selected and defined by the US military as well as other respected security experts in government and private organizations. These experts examine offensive cyber-attacks and then use that information to prioritize actions to defend against such attacks.

In this class, you will learn about the actual attacks that you will be stopping or mitigating through implementing the Critical Security Controls. You will learn not only the best way to block the known cyber-attacks, but also the best way to help find and mitigate the damage from the attempted cyber-attacks. For security and privacy professionals, this workshop walks you through how to put the controls in place in your existing networks through an organized list and widespread use of cost-effective automation.

For other security professionals like auditors, Security and Privacy Officers, and risk officers, this workshop provides an overview of the controls and tools to measure the implementation of the controls. While this one day workshop does not include any hands-on labs, a more in-depth course with labs is available at the SANS Institute SEC566 Implementing and Auditing the Critical Security Controls - In-Depth.

Course Syllabus

Section 1: Special for HIMSS: Implementing Healthcare Cyber-Hygiene with the Critical Security Controls

CPE/CMU Credits: 6

Additional Information

Why Take This Course?

Why Choose Our Course?

"What are the most important things we have to do to protect our systems and data?"

That is the question the defense industrial base CIOs asked the Department of Defense when they learned their systems were leaking some of America's most important military secrets to nation-state hackers.

It is the same question that is being asked by power companies and oil and gas organizations tasked with protecting our critical infrastructure

It is the question being asked by health care organizations trying to protect medical histories, financial records, and private information of patients and customers.

If you are an information security professional, this one day workshop will highlight the most important security controls to protect your systems and data.

Author Statement

As we have had the opportunity to talk with information security executives, engineers, managers, and auditors over the past fifteen years, we see frustration in the eyes of these hardworking individuals trying to better defend their organization's technology systems. It's even come to the point where some organizations have decided that it is simply too hard to protect their information. Many are wondering, is the fight really worth it? Will we ever succeed?

We see organizations and agencies becoming more secure, and yet we still see cyber-attack and breach headlines in the news almost every day. The offensive cyber-attacks are relentless. The goal of this workshop is to give organizations better technical defenses thorough a prioritized list of actions along with realistic hope that their organizations can better defend themselves.

The Special for HIMSS: Implementing Healthcare Cyber-Hygiene with the Critical Security Controls workshop offers direction and guidance to which security controls will make the most impact, from those in the industry that look through the eyes of the attacker. What better way to play defense than by understanding the mindset of the offense? By implementing our defense methodically and anticipating offensive attacks, organizations have a chance to succeed in this fight. We hope this workshop helps those of us in the trenches turn the tide.